Re^4: GPG signing Issue

Thanks, pryrt. It does indeed help to know that a similar setup has been shown to work in that I know it isn't a complete non-starter. Both the perl and gpg binaries are 64bit and I'm using Linux on a physical host (although if I can get this working it will go on VMs in production).

Will keep plugging away at it and report back if I get anywhere.

Update: It appears to be dependent on the key size. A valid signature is produced from a 1024 bit key but not a 4096 bit key (which I tend to use by default these days).

Update 2: It's more complicated than that. It only works with some 1024 bit keys. I'm beginning to think that maybe this module isn't suitable for production environments after all. :-/

Comment on Re^4: GPG signing Issue

Replies are listed 'Best First'.
Re^5: GPG signing Issue by pryrt (Abbot) on Jan 31, 2019 at 18:34 UTC
ooh, updates. :-) Glad I happened to come back to the thread. (I use Newest Nodes, which doesn't flag nodes that have been edited). Anyway, I was about to say "time to file a bug report", but it turns out that rt://126994 was filed months ago, and sounds like a similar issue. Add more data onto that ticket? Or give up? Your choice, really. :-) edit: given that Crypt-OpenPGP repo hasn't been updated since 2015, "giving up" may be the most efficient choice. Looks like there are Pull Requests ranging from 2011-2017 -- apparently, everyone on GitHub gave up 1.5 years ago. :-(	[reply]
Re^6: GPG signing Issue by hippo (Archbishop) on Feb 01, 2019 at 11:12 UTC
The updates didn't seem to warrant a new node - glad you saw them, though. rt://126994 may be related in general terms and underneath it may all be due to a lack of padding in Crypt::OpenPGP but the case and the resulting error message are quite different. I'll consider raising a new bug once enough evidence has been gathered but, as you've seen, neither the dist nor the repo appears to be actively maintained these days. It's the same for all of SROMANOV's modules. My use case ought to be simple: perform unattended signature creation. However, none of the available modules I've tried (Crypt::OpenPGP, Crypt::GPG, Crypt::GpgME) will do this reliably for me with a modern GnuPG installation. The requirement of an agent appears to scupper the last 2 so Crypt::OpenPGP was looking like the last best hope. Maybe I will crack it yet.	[reply]